Thread Info
  • State Not Answered
  • Replies 2 replies
  • Subscribers 9 subscribers
  • Views 113 views
  • Users 0 members are here
Options
Suggested

How is the location of a sensor/endpoint determined?

ptho

Hi Sophos,

On the Sensor Location pane of the dashboard I have an Endpoint showing as being in a country I wouldn't expect it to be.

I'm not immediately concerned with the above fact, but I'm interested in knowing how Sophos calculates the location of the device - or could this be an end-user sat behind a VPN, or perhaps even a bug in the interface?

Many Thanks

Parents
  • 0

    Thank you for reaching out to the community forum. 

    Can you further elaborate on what requirements you're asking here? 

    When you mentioned, "Calculate the location of the device" are you referring to any groups or sub-estate, or a general location like Site A or Site B?

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to GlennSen

    Hi,

    On the Sophos Central Dashboard, a widget can be deployed called 'Sensor location of detection'. This widget shows a map of the globe with icons to determine sensor location. This shows your Endpoint locations and any detections they have generated.

    As we are a UK based company, 99% of all of the sensor locations (Endpoints) are listed as being in the UK. However, there is one in a Country I would not expect to be in.

    I would like to know what information is used to determine the location of the Endpoint. If I click on the sensor location icon for the affected device I'm taken to the Detections pane in the TAC. I then have to Filter the results by location, by entering the location of the item as it was shown on the 'Sensor location of detection' widget. This then shows the detection information, but I see nothing in the Overview or Raw Data pane that defines the location.

    My concern is that there is something occurring on the endpoint that is telling Central that it is in a place that it is physically not. If so, there may be unwarranted software present, i.e. an unapproved VPN, etc.

    Many Thanls

Reply
  • 0 in reply to GlennSen

    Hi,

    On the Sophos Central Dashboard, a widget can be deployed called 'Sensor location of detection'. This widget shows a map of the globe with icons to determine sensor location. This shows your Endpoint locations and any detections they have generated.

    As we are a UK based company, 99% of all of the sensor locations (Endpoints) are listed as being in the UK. However, there is one in a Country I would not expect to be in.

    I would like to know what information is used to determine the location of the Endpoint. If I click on the sensor location icon for the affected device I'm taken to the Detections pane in the TAC. I then have to Filter the results by location, by entering the location of the item as it was shown on the 'Sensor location of detection' widget. This then shows the detection information, but I see nothing in the Overview or Raw Data pane that defines the location.

    My concern is that there is something occurring on the endpoint that is telling Central that it is in a place that it is physically not. If so, there may be unwarranted software present, i.e. an unapproved VPN, etc.

    Many Thanls

Children
No Data
Unfiltered HTML